On 18/09/2014 02:58, Michael Thomas wrote: > On 09/16/2014 11:31 PM, Mikael Abrahamsson wrote: >> As was presented in.. err, London?, shared secrets are bad. To really >> do this properly, we need device specific keys and some kind of list >> of "devices that are allowed to connect", perhaps by having their >> public keys in HNCP. I don't know. I am no security expert, but I >> believe we probably have to have two or three modes of security, one >> being "unsecure" that is auto everything (will give scenarios like the >> one Tim wrote about), one that is "shared secret", but where devices >> need to be configured using this shared secret (protects against >> accidents), and a third one where PKI is used, but where user policy >> infrastructure is available. The third one greatly increases scope the >> framework required to implement. I'm not sure it would even be HNCP >> anymore, perhaps we need a wider view than what the HOMENET charter >> has in it currently. > > Global symmetric keys certainly have their problems, but using public > keys have their own. > Namely, if I want to enroll a new device each other currently enrolled > device needs to know about > the public key of the new enrollee. For 2 devices, that's possibly > manageable but for more I really > don't want to run around my house looking for every homenet device to > enroll the new one. > > If we were to do that, it might be nice to have a distributed database > of homenet devices such that > I only had to enroll it on one of my homenet devices, and then it's > distributed to the rest.
I don't think that's a "nice to have". I think it's an unavoidable requirement, and it has to require at most trivial human intervention. (Don't shoot me, but this happens to be a must-have for autonomic networking too.) Brian _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
